Yubico / yubikey-manager

Python library and command line tool for configuring any YubiKey over all USB interfaces.
https://developers.yubico.com/yubikey-manager/
BSD 2-Clause "Simplified" License

ykman cannot detect Yubikey depending on which function command is used #635

Closed Zaptyp closed 2 months ago

Zaptyp commented 2 months ago

ykman can not communicate with Yubikey to work with these functions:

Steps to reproduce

  1. Install yubico-manager package from pip
  2. Connect Yubikey 5 NFC to USB Port
  3. Run command "ykman <function name for example: piv> info"

Expected result

ykman should display info about the function for which the command is triggered and not throw the error "ERROR: Failed to connect to YubiKey."

Actual results and logs

Screenshot of what works and what doesn't: [image]

Information about Yubikey:

PS C:\Users\Zaptyp> ykman info
WARNING: Failed opening device
Device type: YubiKey 5 NFC
Serial number: *****900
Firmware version: 5.4.3
Form factor: Keychain (USB-A)
Enabled USB interfaces: OTP, FIDO, CCID
NFC transport is enabled

Applications    USB     NFC
Yubico OTP      Enabled Enabled
FIDO U2F        Enabled Enabled
FIDO2           Enabled Enabled
OATH            Enabled Enabled
PIV             Enabled Enabled
OpenPGP         Enabled Enabled
YubiHSM Auth    Enabled Enabled

Log for a working function:

PS C:\Users\Zaptyp> ykman -l DEBUG fido info
INFO 20:45:47.880 [ykman.logging.set_log_level:60] Logging at level: DEBUG
WARNING 20:45:47.880 [ykman.logging.set_log_level:64]
#############################################################################
#                                                                           #
# WARNING: Sensitive data may be logged!                                    #
# Some personally identifying information may be logged, such as usernames! #
#                                                                           #
#############################################################################
INFO 20:45:47.880 [ykman._cli.__main__.cli:355] System info:
  ykman:            5.5.1
  Python:           3.12.4 (tags/v3.12.4:8e8a4ba, Jun  6 2024, 19:30:16) [MSC v.1940 64 bit (AMD64)]
  Platform:         win32
  Arch:             AMD64
  System date:      2024-09-09
  Running as admin: True
  Windows version:  (10, 0, 22635)

DEBUG 20:45:47.886 [fido2.hid.windows.list_descriptors:397] Failed reading HID descriptor for b'\\\\?\\hid#hid_device_system_vhf#7&c0c115e&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}'
Traceback (most recent call last):
  File "C:\Users\Zaptyp\AppData\Roaming\Python\Python312\site-packages\fido2\hid\windows.py", line 390, in list_descriptors
    descriptor = get_descriptor(path)
                 ^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\Zaptyp\AppData\Roaming\Python\Python312\site-packages\fido2\hid\windows.py", line 280, in get_descriptor
    raise WinError()
PermissionError: [WinError 32] Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
DEBUG 20:45:47.890 [ykman.device.add:165] Add device for <class 'fido2.ctap.CtapDevice'>: CtapYubiKeyDevice(pid=0407, fingerprint=b'\\\\?\\hid#vid_1050&pid_0407&mi_01#7&26184516&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}')
DEBUG 20:45:47.894 [yubikit.support.read_info:264] Attempting to read device info, using CtapHidDevice
DEBUG 20:45:47.894 [yubikit.management.__init__:558] Management session initialized for connection=CtapHidDevice, version=5.4.3
DEBUG 20:45:47.894 [yubikit.management.read_device_info:586] Reading DeviceInfo page: 0
DEBUG 20:45:47.898 [yubikit.support.read_info:292] Read info: DeviceInfo(config=DeviceConfig(enabled_capabilities={<TRANSPORT.USB: 'usb'>: <CAPABILITY.OTP|U2F|FIDO2|OATH|PIV|OPENPGP: 571>, <TRANSPORT.NFC: 'nfc'>: <CAPABILITY.OTP|U2F|FIDO2|OATH|PIV|OPENPGP|HSMAUTH: 827>}, auto_eject_timeout=0, challenge_response_timeout=15, device_flags=<DEVICE_FLAG: 0>, nfc_restricted=False), serial=*****900, version=Version(major=5, minor=4, patch=3), form_factor=<FORM_FACTOR.USB_A_KEYCHAIN: 1>, supported_capabilities={<TRANSPORT.USB: 'usb'>: <CAPABILITY.OTP|U2F|FIDO2|OATH|PIV|OPENPGP|HSMAUTH|4: 831>, <TRANSPORT.NFC: 'nfc'>: <CAPABILITY.OTP|U2F|FIDO2|OATH|PIV|OPENPGP|HSMAUTH|4: 831>}, is_locked=False, is_fips=False, is_sky=False, part_number=None, fips_capable=<CAPABILITY: 0>, fips_approved=<CAPABILITY: 0>, pin_complexity=False, reset_blocked=<CAPABILITY: 0>, fps_version=None, stm_version=None)
DEBUG 20:45:47.898 [yubikit.support.read_info:351] Device info, after tweaks: DeviceInfo(config=DeviceConfig(enabled_capabilities={<TRANSPORT.USB: 'usb'>: <CAPABILITY.OTP|U2F|FIDO2|OATH|PIV|OPENPGP: 571>, <TRANSPORT.NFC: 'nfc'>: <CAPABILITY.OTP|U2F|FIDO2|OATH|PIV|OPENPGP|HSMAUTH: 827>}, auto_eject_timeout=0, challenge_response_timeout=15, device_flags=<DEVICE_FLAG: 0>, nfc_restricted=False), serial=*****900, version=Version(major=5, minor=4, patch=3), form_factor=<FORM_FACTOR.USB_A_KEYCHAIN: 1>, supported_capabilities={<TRANSPORT.USB: 'usb'>: <CAPABILITY.OTP|U2F|FIDO2|OATH|PIV|OPENPGP|HSMAUTH|4: 831>, <TRANSPORT.NFC: 'nfc'>: <CAPABILITY.OTP|U2F|FIDO2|OATH|PIV|OPENPGP|HSMAUTH|4: 831>}, is_locked=False, is_fips=False, is_sky=False, part_number=None, fips_capable=<CAPABILITY: 0>, fips_approved=<CAPABILITY: 0>, pin_complexity=False, reset_blocked=<CAPABILITY: 0>, fps_version=None, stm_version=None)
DEBUG 20:45:47.898 [ykman.device.add:176] Resolved device *****900
PIN:                8 attempt(s) remaining
Minimum PIN length: 4

Log for not working function:

PS C:\Users\Zaptyp> ykman -l DEBUG hsmauth info
INFO 20:48:49.429 [ykman.logging.set_log_level:60] Logging at level: DEBUG
WARNING 20:48:49.429 [ykman.logging.set_log_level:64]
#############################################################################
#                                                                           #
# WARNING: Sensitive data may be logged!                                    #
# Some personally identifying information may be logged, such as usernames! #
#                                                                           #
#############################################################################
INFO 20:48:49.429 [ykman._cli.__main__.cli:355] System info:
  ykman:            5.5.1
  Python:           3.12.4 (tags/v3.12.4:8e8a4ba, Jun  6 2024, 19:30:16) [MSC v.1940 64 bit (AMD64)]
  Platform:         win32
  Arch:             AMD64
  System date:      2024-09-09
  Running as admin: True
  Windows version:  (10, 0, 22635)

DEBUG 20:48:49.438 [fido2.hid.windows.list_descriptors:397] Failed reading HID descriptor for b'\\\\?\\hid#hid_device_system_vhf#7&c0c115e&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}'
Traceback (most recent call last):
  File "C:\Users\Zaptyp\AppData\Roaming\Python\Python312\site-packages\fido2\hid\windows.py", line 390, in list_descriptors
    descriptor = get_descriptor(path)
                 ^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\Zaptyp\AppData\Roaming\Python\Python312\site-packages\fido2\hid\windows.py", line 280, in get_descriptor
    raise WinError()
PermissionError: [WinError 32] Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
DEBUG 20:48:49.441 [ykman.device.add:165] Add device for <class 'yubikit.core.smartcard.SmartCardConnection'>: ScardYubiKeyDevice(pid=0407, fingerprint='Yubico YubiKey OTP+FIDO+CCID 0')
WARNING 20:48:49.442 [ykman.device.add:179] Failed opening device
Traceback (most recent call last):
  File "C:\Users\Zaptyp\AppData\Roaming\Python\Python312\site-packages\ykman\device.py", line 171, in add
    with dev.open_connection(conn_type) as conn:
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\Zaptyp\AppData\Roaming\Python\Python312\site-packages\ykman\pcsc\__init__.py", line 88, in open_connection
    return self._open_smartcard_connection()
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\Zaptyp\AppData\Roaming\Python\Python312\site-packages\ykman\pcsc\__init__.py", line 96, in _open_smartcard_connection
    return ScardSmartCardConnection(self.reader.createConnection())
                                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\Zaptyp\AppData\Roaming\Python\Python312\site-packages\smartcard\pcsc\PCSCReader.py", line 101, in createConnection
    return CardConnectionDecorator(PCSCCardConnection(self.name))
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: Can't instantiate abstract class CardConnectionDecorator without an implementation for abstract methods 'doControl', 'doGetAttrib', 'doTransmit'
ERROR 20:48:49.445 [ykman._cli.__main__.main:635] Failed to connect to YubiKey.
Traceback (most recent call last):
  File "C:\Users\Zaptyp\AppData\Roaming\Python\Python312\site-packages\ykman\_cli\__main__.py", line 619, in main
    cli(obj={})
  File "C:\Program Files\Python312\Lib\site-packages\click\core.py", line 1157, in __call__
    return self.main(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Python312\Lib\site-packages\click\core.py", line 1078, in main
    rv = self.invoke(ctx)
         ^^^^^^^^^^^^^^^^
  File "C:\Program Files\Python312\Lib\site-packages\click\core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Python312\Lib\site-packages\click\core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Python312\Lib\site-packages\click\core.py", line 1434, in invoke
    return ctx.invoke(self.callback, **ctx.params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Python312\Lib\site-packages\click\core.py", line 783, in invoke
    return __callback(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Python312\Lib\site-packages\click\decorators.py", line 33, in new_func
    return f(get_current_context(), *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\Zaptyp\AppData\Roaming\Python\Python312\site-packages\ykman\_cli\hsmauth.py", line 261, in info
    info = ctx.obj["info"]
           ~~~~~~~^^^^^^^^
  File "C:\Users\Zaptyp\AppData\Roaming\Python\Python312\site-packages\ykman\_cli\util.py", line 219, in __getitem__
    self.resolve()
  File "C:\Users\Zaptyp\AppData\Roaming\Python\Python312\site-packages\ykman\_cli\util.py", line 216, in resolve
    self._objects[k] = f()
                       ^^^
  File "C:\Users\Zaptyp\AppData\Roaming\Python\Python312\site-packages\ykman\_cli\__main__.py", line 395, in <lambda>
    ctx.obj.add_resolver("device", lambda: resolve()[0])
                                           ^^^^^^^^^
  File "C:\Users\Zaptyp\AppData\Roaming\Python\Python312\site-packages\ykman\_cli\__main__.py", line 391, in resolve
    items = require_device(connections, device)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\Zaptyp\AppData\Roaming\Python\Python312\site-packages\ykman\_cli\__main__.py", line 194, in require_device
    raise CliFail("Failed to connect to YubiKey.")

ykman --diagnose:

PS C:\Users\Zaptyp> ykman --diagnose
ykman:            5.5.1
Python:           3.12.4 (tags/v3.12.4:8e8a4ba, Jun  6 2024, 19:30:16) [MSC v.1940 64 bit (AMD64)]
Platform:         win32
Arch:             AMD64
System date:      2024-09-09
Running as admin: True
Windows version:  (10, 0, 22635)
Detected PC/SC readers:
  Yubico YubiKey OTP+FIDO+CCID 0: <TypeError>

Detected YubiKeys over PC/SC:
  ScardYubiKeyDevice(pid=0407, fingerprint='Yubico YubiKey OTP+FIDO+CCID 0'): PC/SC connection failure: TypeError("Can't instantiate abstract class CardConnectionDecorator without an implementation for abstract methods 'doControl', 'doGetAttrib', 'doTransmit'")

Detected YubiKeys over HID OTP:
  OtpYubiKeyDevice(pid=0407, fingerprint=b'\\\\?\\hid#vid_1050&pid_0407&mi_00#7&39486154&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}\\kbd'):
    Management:
      Raw Info: 2e0102033f0302033b0204015611ec04010105030504030602000007010f0801000d02033f0e02033b0a01000f0100
      DeviceInfo:
        config:
          enabled_capabilities:
            USB: OTP|U2F|FIDO2|OATH|PIV|OPENPGP|HSMAUTH: 0x33b
            NFC: OTP|U2F|FIDO2|OATH|PIV|OPENPGP|HSMAUTH: 0x33b

          auto_eject_timeout:         0
          challenge_response_timeout: 15
          device_flags:               0
          nfc_restricted:             False

        serial:         *****900
        version:        5.4.3
        form_factor:    Keychain (USB-A)
        supported_capabilities:
          USB: OTP|U2F|FIDO2|OATH|PIV|OPENPGP|HSMAUTH: 0x33f
          NFC: OTP|U2F|FIDO2|OATH|PIV|OPENPGP|HSMAUTH: 0x33f

        is_locked:      False
        is_fips:        False
        is_sky:         False
        part_number:    None
        fips_capable:   : 0x0
        fips_approved:  : 0x0
        pin_complexity: False
        reset_blocked:  : 0x0
        fps_version:    None
        stm_version:    None

      Name: YubiKey 5 NFC

    OTP:
      ConfigState(configured: (False, False), touch_triggered: (False, False), led_inverted: False)

Detected YubiKeys over HID FIDO:
  CtapYubiKeyDevice(pid=0407, fingerprint=b'\\\\?\\hid#vid_1050&pid_0407&mi_01#7&26184516&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}'):
    CTAP device version:      5.4.3
    CTAPHID protocol version: 2
    Capabilities:             5
    Management:
      Raw Info: 2e0102033f0302033b0204015611ec04010105030504030602000007010f0801000d02033f0e02033b0a01000f0100
      DeviceInfo:
        config:
          enabled_capabilities:
            USB: OTP|U2F|FIDO2|OATH|PIV|OPENPGP|HSMAUTH: 0x33b
            NFC: OTP|U2F|FIDO2|OATH|PIV|OPENPGP|HSMAUTH: 0x33b

          auto_eject_timeout:         0
          challenge_response_timeout: 15
          device_flags:               0
          nfc_restricted:             False

        serial:         *****900
        version:        5.4.3
        form_factor:    Keychain (USB-A)
        supported_capabilities:
          USB: OTP|U2F|FIDO2|OATH|PIV|OPENPGP|HSMAUTH: 0x33f
          NFC: OTP|U2F|FIDO2|OATH|PIV|OPENPGP|HSMAUTH: 0x33f

        is_locked:      False
        is_fips:        False
        is_sky:         False
        part_number:    None
        fips_capable:   : 0x0
        fips_approved:  : 0x0
        pin_complexity: False
        reset_blocked:  : 0x0
        fps_version:    None
        stm_version:    None

      Name: YubiKey 5 NFC

    Ctap2Info:
      versions:
        U2F_V2
        FIDO_2_0
        FIDO_2_1_PRE

      extensions:
        credProtect
        hmac-secret

      aaguid:                           2fc0579f811347eab116bb5a8db9202a
      options:
        rk:                    True
        up:                    True
        plat:                  False
        clientPin:             True
        credentialMgmtPreview: True

      max_msg_size:                     1200
      pin_uv_protocols:
        2
        1

      max_creds_in_list:                8
      max_cred_id_length:               128
      transports:
        nfc
        usb

      algorithms:
        alg:  -7
        type: public-key
        alg:  -8
        type: public-key

      max_large_blob:                   None
      force_pin_change:                 False
      min_pin_length:                   4
      firmware_version:                 328707
      max_cred_blob_length:             None
      max_rpids_for_min_pin:            0
      preferred_platform_uv_attempts:   None
      uv_modality:                      None
      certifications:                   None
      remaining_disc_creds:             None
      vendor_prototype_config_commands: None

    PIN retries: (8, None)

End of diagnostics

Other info

I don't know what strange things are going on here, but Yubikey works without any problem with Yubico Authenticator.

dainnilsson commented 2 months ago

This is a duplicate of #634.

Zaptyp commented 2 months ago

> This is a duplicate of #634.

Not a duplicate, because this occurs on Windows, not Linux, genius.

dainnilsson commented 2 months ago

Thank you. It is a duplicate because it is caused by the same underlying issue, as linked from the other issue.

Zaptyp commented 2 months ago

https://github.com/LudovicRousseau/pyscard/releases/tag/2.1.1 Problem fixed by updating pyscard to 2.1.1
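
Added example (not part of the thread and not ykman's own code): it reads `ykman -l DEBUG` output in the format shown in the logs above and reports, per connection class, whether the device opened and which exception ended the attempt. This separates the HID descriptor `PermissionError`, which also appears in the working log, from the PC/SC `TypeError`. The `triage` function name and the shortened sample lines are constructed for this example.

```python
import re

# Constructed sample: lines shortened from the two DEBUG logs in this issue.
SAMPLE_LOG = """\
DEBUG 20:48:49.438 [fido2.hid.windows.list_descriptors:397] Failed reading HID descriptor for b'...'
Traceback (most recent call last):
PermissionError: [WinError 32] ...
DEBUG 20:45:47.890 [ykman.device.add:165] Add device for <class 'fido2.ctap.CtapDevice'>: CtapYubiKeyDevice(pid=0407)
DEBUG 20:45:47.898 [ykman.device.add:176] Resolved device *****900
DEBUG 20:48:49.441 [ykman.device.add:165] Add device for <class 'yubikit.core.smartcard.SmartCardConnection'>: ScardYubiKeyDevice(pid=0407)
WARNING 20:48:49.442 [ykman.device.add:179] Failed opening device
Traceback (most recent call last):
  File "ykman\\pcsc\\__init__.py", line 96, in _open_smartcard_connection
    return ScardSmartCardConnection(self.reader.createConnection())
TypeError: Can't instantiate abstract class CardConnectionDecorator without an implementation for abstract methods 'doControl', 'doGetAttrib', 'doTransmit'
ERROR 20:48:49.445 [ykman._cli.__main__.main:635] Failed to connect to YubiKey.
"""

# A log record: LEVEL HH:MM:SS.mmm [module.function:line] message
RECORD = re.compile(r"^(DEBUG|INFO|WARNING|ERROR) \d\d:\d\d:\d\d\.\d{3} \[([\w.]+):\d+\] (.*)$")
ADD = re.compile(r"Add device for <class '([\w.]+)'>")
EXC = re.compile(r"^([A-Za-z_][\w.]*(?:Error|Exception)): ")

def triage(log_text):
    """Map each connection class ykman tried to open to its outcome."""
    results, current, failed = {}, None, False
    for line in log_text.splitlines():
        rec = RECORD.match(line)
        if rec:
            msg = rec.group(3)
            failed = False  # a new record ends any traceback being read
            add = ADD.search(msg)
            if add:
                current = add.group(1)
                results[current] = {"status": "pending", "error": None}
            elif current and msg.startswith("Resolved device"):
                results[current]["status"] = "ok"
            elif current and msg.startswith("Failed opening device"):
                results[current]["status"] = "failed"
                failed = True
        elif failed and current:
            exc = EXC.match(line)  # unindented final line of the traceback
            if exc:
                results[current]["error"] = exc.group(1)
    return results

if __name__ == "__main__":
    for conn, outcome in triage(SAMPLE_LOG).items():
        print(f"{conn}: {outcome['status']} ({outcome['error']})")
```
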